问题
The System.Diagnostics.EventLog class provides a way to interact with a windows event log. I use it all the time for simple logging...
System.Diagnostics.EventLog.WriteEntry("MyEventSource", "My Special Message")
Is there a way to set the user information in the resulting event log entry using .NET?
回答1:
Toughie ...
I looked for a way to fill the user field with a .NET method. Unfortunately there is none, and you must import the plain old Win32 API [ReportEvent function](http://msdn.microsoft.com/en-us/library/aa363679(VS.85).aspx) with a DLLImportAttribute
You must also redeclare the function with the right types, as Platform Invoke Data Types says
So
BOOL ReportEvent(
__in HANDLE hEventLog,
__in WORD wType,
__in WORD wCategory,
__in DWORD dwEventID,
__in PSID lpUserSid,
__in WORD wNumStrings,
__in DWORD dwDataSize,
__in LPCTSTR *lpStrings,
__in LPVOID lpRawData
);
becomes
[DllImport("Advapi32.dll", EntryPoint="ReportEventW", SetLastError=true,
CharSet=CharSet.Unicode)]
bool WriteEvent(
IntPtr hEventLog, //Where to find it ?
ushort wType,
ushort wCategory,
ulong dwEventID,
IntPtr lpUserSid, // We'll leave this struct alone, so just feed it a pointer
ushort wNumStrings,
ushort dwDataSize,
string[] lpStrings,
IntPtr lpRawData
);
You also want to look at [OpenEventLog](http://msdn.microsoft.com/en-us/library/aa363672(VS.85).aspx) and [ConvertStringSidToSid](http://msdn.microsoft.com/en-us/library/aa376402(VS.85).aspx)
Oh, and you're writing unmanaged code now... Watch out for memory leaks.Good luck :p
回答2:
You need to add it yourself into the event message.
Use the System.Security.Principal namespace to get the current identity of the thread logging the event.
回答3:
Usually, the user executing the code that calls the EventLog.WriteEntry method will be the user displayed in the event log for the entry.
You could try impersonating another user by creating your own Principal and Identity and associating it with the current thread, however this is not advised as it could introduce security issues and will definitely complicate your application.
来源:https://stackoverflow.com/questions/147307/net-how-to-set-user-information-in-an-eventlog-entry